PLANT2 V2 ZOMB132-20240219T094842Z-001[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

PLANT2 V2 ZOMB132-20240219T094842Z-001.zip
Size

49.1MB
MD5

82f66948d6f73128ec2d505a1d2caf57
SHA1

2600ee6002998e4eaf14ae22dc361d332a481f8e
SHA256

ffbca929a4b96d6dce2112235665fa96e7a0f53be3936e0e787a8a8b78bbf3c9
SHA512

d2ee78cf0c3c53cbab6360728b2482fe89c821435bf7ab894f198657716c65f68be7d9fa51850df8146b18ce2d6808ad70aee1498c2eb22c0b9e81ed4ccddc41
SSDEEP

786432:hHjWAihjHoHq+tGRHFiDSWeuL2zWEOoLkQ5d6i59aAdL/d9snz:tWAiiHfYsnuLkQt31Cnz

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack002/bass.dll
unpack002/steam.dll
unpack001/PLANT2 V2 ZOMB132/bass.dll
unpack001/PLANT2 V2 ZOMB132/steam.dll

Files

PLANT2 V2 ZOMB132-20240219T094842Z-001.zip
.zip
PLANT2 V2 ZOMB132/ClientRegistry.blob
PLANT2 V2 ZOMB132/Plants vs. Zombies.rar
.rar
ClientRegistry.blob
PlantsVsZombies.exe
.exe windows:4 windows x86 arch:x86

caa73f3854faf99325bb3b7b5cb4c400

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3c:61:df:38:d5:bb:38:36:a8:b4:4b:98:5c:50:44:79
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

01/09/2006, 00:00

Not After

21/09/2009, 23:59

Subject

CN=PopCap Games,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=PopCap Games,L=Seattle,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\rmtest\pc\_base\util\DRMProtectRun2.pdb

Imports

wsock32

WSAStartup
WSACleanup

kernel32

DeleteFileA
CreateFileA
MoveFileExA
SetThreadPriority
Process32Next
GetCommandLineW
GetExitCodeProcess
GlobalUnlock
CreateMutexA
OutputDebugStringA
Sleep
OpenProcess
GetWindowsDirectoryA
FreeLibrary
EnumResourceNamesA
SetFileAttributesA
Process32First
LeaveCriticalSection
CreateFileMappingA
CreateThread
InitializeCriticalSection
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
SetEvent
GetModuleHandleA
MapViewOfFile
CreateEventA
UnmapViewOfFile
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcessId
VirtualFree
VirtualAlloc
CompareStringA
InterlockedExchange
SetLastError
GetCurrentThread
SetEnvironmentVariableA
CloseHandle
EnumSystemLocalesA
GetLastError
GetStringTypeA
GetLocaleInfoA
GetDateFormatA
GetTimeFormatA
CreatePipe
GetFileAttributesA
GetConsoleOutputCP
WriteConsoleA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapCreate
HeapDestroy
GetOEMCP
GetACP
HeapSize
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
SetFilePointer
SetHandleCount
LCMapStringA
MoveFileA
DuplicateHandle
GetFileType
SetStdHandle
GetFullPathNameA
GetDriveTypeA
RaiseException
RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapReAlloc
ExitThread
GetSystemTimeAsFileTime
GetProcessHeap
HeapAlloc
HeapFree
SetEndOfFile
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
LoadLibraryA
ResumeThread
GetTickCount
CreateToolhelp32Snapshot
GetModuleFileNameA
GlobalLock
TerminateProcess
GetVolumeInformationA
CreateProcessA
GetUserDefaultLCID
IsValidLocale
CreateDirectoryA
InterlockedDecrement
InterlockedIncrement
GetTimeZoneInformation
CopyFileA
OpenMutexA
GetConsoleScreenBufferInfo
GetConsoleCursorInfo
GetStdHandle
ReleaseMutex
WaitForMultipleObjects
OpenFileMappingA
OpenEventA
SetFileTime
ReadConsoleInputA
AllocConsole
SetConsoleCursorPosition
SetConsoleCtrlHandler
SetConsoleCursorInfo
GetCurrentThreadId
SetConsoleTitleA
PeekConsoleInputA
GetVersionExA
FindClose
FindFirstFileA
FindNextFileA
GlobalAlloc
VirtualProtect
VirtualQuery
GetThreadPriority
MulDiv
GetFileTime
FreeConsole
SetConsoleTextAttribute

user32

FillRect
CreateCursor
DestroyCursor
GetFocus
GetQueueStatus
WindowFromPoint
DrawMenuBar
SetClipboardData
BeginPaint
ReleaseDC
UnregisterClassA
GetSystemMenu
DeleteMenu
ScreenToClient
GetWindowPlacement
SetFocus
PostThreadMessageA
DestroyWindow
DestroyCaret
DispatchMessageA
GetDesktopWindow
SetWindowTextA
GetCursor
GetClientRect
GetForegroundWindow
SetTimer
LoadImageA
GetWindowThreadProcessId
HideCaret
IntersectRect
RegisterClassA
PostQuitMessage
GetWindowTextLengthA
SendMessageA
GetMessageA
GetCursorPos
AppendMenuA
TrackPopupMenu
OpenClipboard
CreateCaret
MessageBoxA
MoveWindow
EnumDisplayMonitors
GetWindowRect
IsWindow
IsIconic
ShowCaret
PostMessageA
OpenIcon
GetDC
AdjustWindowRect
EndPaint
RegisterWindowMessageA
TranslateMessage
DefWindowProcA
GetSystemMetrics
IsWindowVisible
BringWindowToTop
CloseClipboard
CreateWindowExA
SetCaretPos
GetWindowTextA
SetForegroundWindow
EnumWindows
ShowWindow
LoadCursorA
ClientToScreen
PeekMessageA
CreatePopupMenu
SetCursor
GetParent
ReleaseCapture
SetCapture
FlashWindowEx

gdi32

SelectClipRgn
GdiFlush
GetStockObject
GetDeviceCaps
CreateFontA
GetTextMetricsA
GetCharABCWidthsA
GetObjectA
CreateFontIndirectA
SetBkMode
IntersectClipRect
DeleteObject
DeleteDC
SelectObject
CreateCompatibleDC
CreateDIBSection
BitBlt
SetDIBitsToDevice
SetTextColor
StretchBlt

advapi32

RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA

shell32

ShellExecuteA

ole32

CoUninitialize
CoInitialize
CoInitializeSecurity
CoCreateInstance

oleaut32

SysFreeString
SysAllocStringByteLen

wininet

InternetOpenA
HttpOpenRequestA
HttpQueryInfoA
InternetReadFile
InternetConnectA
HttpSendRequestA
InternetCloseHandle

winmm

timeEndPeriod
PlaySoundA
timeBeginPeriod
timeGetTime

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 220KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Uninstall.ini
bass.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BASS_Apply3D
BASS_ChannelBytes2Seconds
BASS_ChannelGet3DAttributes
BASS_ChannelGet3DPosition
BASS_ChannelGetAttributes
BASS_ChannelGetData
BASS_ChannelGetDevice
BASS_ChannelGetEAXMix
BASS_ChannelGetInfo
BASS_ChannelGetLength
BASS_ChannelGetLevel
BASS_ChannelGetPosition
BASS_ChannelIsActive
BASS_ChannelIsSliding
BASS_ChannelPause
BASS_ChannelPlay
BASS_ChannelPreBuf
BASS_ChannelRemoveDSP
BASS_ChannelRemoveFX
BASS_ChannelRemoveLink
BASS_ChannelRemoveSync
BASS_ChannelSeconds2Bytes
BASS_ChannelSet3DAttributes
BASS_ChannelSet3DPosition
BASS_ChannelSetAttributes
BASS_ChannelSetDSP
BASS_ChannelSetEAXMix
BASS_ChannelSetFX
BASS_ChannelSetFlags
BASS_ChannelSetLink
BASS_ChannelSetPosition
BASS_ChannelSetSync
BASS_ChannelSlideAttributes
BASS_ChannelStop
BASS_ErrorGetCode
BASS_FXGetParameters
BASS_FXSetParameters
BASS_Free
BASS_Get3DFactors
BASS_Get3DPosition
BASS_GetCPU
BASS_GetConfig
BASS_GetDSoundObject
BASS_GetDevice
BASS_GetDeviceDescription
BASS_GetEAXParameters
BASS_GetInfo
BASS_GetVersion
BASS_GetVolume
BASS_Init
BASS_MusicFree
BASS_MusicGetAttribute
BASS_MusicGetName
BASS_MusicGetOrderPosition
BASS_MusicGetOrders
BASS_MusicLoad
BASS_MusicSetAttribute
BASS_Pause
BASS_PluginFree
BASS_PluginLoad
BASS_RecordFree
BASS_RecordGetDevice
BASS_RecordGetDeviceDescription
BASS_RecordGetInfo
BASS_RecordGetInput
BASS_RecordGetInputName
BASS_RecordInit
BASS_RecordSetDevice
BASS_RecordSetInput
BASS_RecordStart
BASS_SampleCreate
BASS_SampleCreateDone
BASS_SampleFree
BASS_SampleGetChannel
BASS_SampleGetInfo
BASS_SampleLoad
BASS_SampleSetInfo
BASS_SampleStop
BASS_Set3DFactors
BASS_Set3DPosition
BASS_SetConfig
BASS_SetDevice
BASS_SetEAXParameters
BASS_SetVolume
BASS_Start
BASS_Stop
BASS_StreamCreate
BASS_StreamCreateFile
BASS_StreamCreateFileUser
BASS_StreamCreateURL
BASS_StreamFree
BASS_StreamGetFilePosition
BASS_StreamGetTags
BASS_Update
_

Sections

Size: 85KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 568B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
drm/common/drm.xml
drm/common/drm.xml.sig
drm/common/fonts/Arial10.txt
drm/common/fonts/Arial10Bold.txt
drm/common/fonts/Arial12Bold.txt
drm/common/fonts/Arial9.txt
drm/common/fonts/Arial9Bold.txt
drm/common/fonts/_Arial10.png
.png
drm/common/fonts/_Arial10Bold.png
.png
drm/common/fonts/_Arial12Bold.png
.png
drm/common/fonts/_Arial9.png
.png
drm/common/fonts/_Arial9Bold.png
.png
drm/common/images/btn_buynow.gif
.gif
drm/common/images/btn_buynow2.gif
.gif
drm/common/images/btn_continue.gif
.gif
drm/common/images/btn_continue2.gif
.gif
drm/common/images/btn_finish.gif
.gif
drm/common/images/btn_finish2.gif
.gif
drm/common/images/btn_mask.gif
.gif
drm/common/images/btn_play.gif
.gif
drm/common/images/btn_play2.gif
.gif
drm/common/images/btn_play3.gif
.gif
drm/common/images/ecomm_wrapper_background.jpg
.jpg
drm/common/images/ecomm_wrapper_background_centered.jpg
.jpg
drm/common/images/ssframe.png
.png
drm/common/scripts/Bullets.luc
drm/common/scripts/ClassLink.luc
drm/common/scripts/Common.luc
drm/common/scripts/Consts.luc
drm/common/scripts/DProps.luc
drm/common/scripts/DRMApp.luc
drm/common/scripts/Default.luc
drm/common/scripts/Game.luc
drm/common/scripts/Layout.luc
drm/common/scripts/LuaApp.luc
drm/common/scripts/LuaCommonWidgets.luc
drm/common/scripts/LuaWidget.luc
drm/common/scripts/Screen.luc
drm/common/scripts/main.luc
drm/custom/drm.xml
drm/custom/drm.xml.sig
drm/custom/images/bullet1.jpg
.jpg
drm/custom/images/bullet1_.gif
.gif
drm/custom/images/bullet2.jpg
.jpg
drm/custom/images/bullet2_.gif
.gif
drm/custom/images/bullet3.jpg
.jpg
drm/custom/images/bullet3_.gif
.gif
drm/game.jpg
.jpg
drm/game_.gif
.gif
drm/logo.jpg
.jpg
drm/logo_.gif
.gif
drmss.jpg
.jpg
eula.txt
header.jpg
.jpg
info.txt
main.pak
properties/partner.xml
properties/partner.xml.sig
properties/partner_logo.jpg
.jpg
readme.html
.html
steam.dll
.dll windows:4 windows x86 arch:x86

72fadf9e53818fd86f58e6c8af873815

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MessageBoxA

advapi32

RegQueryValueExA
RegOpenKeyExA

kernel32

SetStdHandle
TlsGetValue
WriteConsoleW
GetConsoleOutputCP
GetCommandLineA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateFileA
GetFileSize
CreateFileMappingA
CloseHandle
MapViewOfFile
UnmapViewOfFile
ExitProcess
DisableThreadLibraryCalls
GetEnvironmentStrings
CreateProcessA
SetLastError
VirtualProtect
GetModuleHandleA
TerminateProcess
GetCurrentProcess
CreateDirectoryA
GetStdHandle
WriteConsoleA
GetCurrentDirectoryA
GetModuleFileNameA
GetFullPathNameA
GetSystemInfo
FindFirstFileA
FindClose
CompareStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
MultiByteToWideChar
GetLastError
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindNextFileA
HeapFree
HeapAlloc
GetCurrentThreadId
GetVersionExA
GetProcessHeap
RaiseException
RtlUnwind
GetProcAddress
SetEndOfFile
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
SetEnvironmentVariableA
WideCharToMultiByte
SetEnvironmentVariableW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
ReadFile
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LoadLibraryA
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CompareStringA

shell32

ShellExecuteA

Exports

Exports

?SteamSpawnedApplicationProcess@@YAXK@Z
CreateInterface
InternalSteamNumClientsConnectedToEngine
InternalSteamShouldShutdownEngine2
SteamAPI_Init
SteamAPI_InitGlobalInstance
SteamAPI_RegisterCallback
SteamAPI_RunCallbacks
SteamAPI_Shutdown
SteamAPI_UnregisterCallback
SteamAbortCall
SteamAbortOngoingUserIDTicketValidation
SteamAckSubscriptionReceipt
SteamApps
SteamBilling
SteamBlockingCall
SteamChangeAccountName
SteamChangeEmailAddress
SteamChangeForgottenPassword
SteamChangeOfflineStatus
SteamChangePassword
SteamChangePersonalQA
SteamCleanup
SteamClearError
SteamClient
SteamCloseFile
SteamCreateAccount
SteamCreateCachePreloaders
SteamCreateLogContext
SteamDecryptDataForThisMachine
SteamDeleteAccount
SteamEmuGetGcfList
SteamEmuGetLocalGcfCopy
SteamEmuGetProperty
SteamEmuGetWholeGcfCopy
SteamEmu_GetGcfList
SteamEmu_GetLocalGcfCopy
SteamEmu_GetProperty
SteamEmu_GetWholeGcfCopy
SteamEncryptDataForThisMachine
SteamEnumerateApp
SteamEnumerateAppDependency
SteamEnumerateAppIcon
SteamEnumerateAppLaunchOption
SteamEnumerateAppVersion
SteamEnumerateSubscription
SteamEnumerateSubscriptionDiscount
SteamEnumerateSubscriptionDiscountQualifier
SteamFindApp
SteamFindClose
SteamFindFirst
SteamFindNext
SteamFindServersGetErrorString
SteamFindServersIterateServer
SteamFindServersNumServers
SteamFlushCache
SteamFlushFile
SteamForgetAllHints
SteamFriends
SteamGenerateSuggestedAccountNames
SteamGetAccountStatus
SteamGetAppCacheSize
SteamGetAppDependencies
SteamGetAppDir
SteamGetAppIds
SteamGetAppPurchaseCountry
SteamGetAppStats
SteamGetAppUpdateStats
SteamGetAppUserDefinedInfo
SteamGetAppUserDefinedRecord
SteamGetCacheDecryptionKey
SteamGetCacheDefaultDirectory
SteamGetCacheFilePath
SteamGetContentServerInfo
SteamGetCurrentEmailAddress
SteamGetEncryptedNewValveCDKey
SteamGetEncryptedUserIDTicket
SteamGetEncryptionKeyToSendToNewClient
SteamGetLocalClientVersion
SteamGetLocalFileCopy
SteamGetNumAccountsWithEmailAddress
SteamGetOfflineStatus
SteamGetSponsorUrl
SteamGetSubscriptionExtendedInfo
SteamGetSubscriptionIds
SteamGetSubscriptionPurchaseCountry
SteamGetSubscriptionReceipt
SteamGetSubscriptionStats
SteamGetTotalUpdateStats
SteamGetUser
SteamGetUserType
SteamGetVersion
SteamGetc
SteamHintResourceNeed
SteamInitializeUserIDTicketValidator
SteamInsertAppDependency
SteamIsAccountNameInUse
SteamIsAppSubscribed
SteamIsCacheLoadingEnabled
SteamIsFileImmediatelyAvailable
SteamIsFileNeededByCache
SteamIsLoggedIn
SteamIsSecureComputer
SteamIsSubscribed
SteamLaunchApp
SteamLoadCacheFromDir
SteamLoadFileToCache
SteamLog
SteamLogResourceLoadFinished
SteamLogResourceLoadStarted
SteamLogin
SteamLogout
SteamMatchmaking
SteamMountAppFilesystem
SteamMountFilesystem
SteamMoveApp
SteamNumAppsRunning
SteamOpenFile
SteamOpenFileEx
SteamOpenTmpFile
SteamOptionalCleanUpAfterClientHasDisconnected
SteamPauseCachePreloading
SteamPrintFile
SteamProcessCall
SteamProcessOngoingUserIDTicketValidation
SteamPutc
SteamReadFile
SteamRefreshAccountInfo
SteamRefreshAccountInfoEx
SteamRefreshLogin
SteamRefreshMinimumFootprintFiles
SteamRemoveAppDependency
SteamRepairOrDecryptCaches
SteamRequestAccountsByCdKeyEmail
SteamRequestAccountsByEmailAddressEmail
SteamRequestEmailAddressVerificationEmail
SteamRequestForgottenPasswordEmail
SteamResumeCachePreloading
SteamSeekFile
SteamSetAppCacheSize
SteamSetAppVersion
SteamSetCacheDefaultDirectory
SteamSetMaxStallCount
SteamSetNotificationCallback
SteamSetUser
SteamSetvBuf
SteamShutdownEngine
SteamShutdownUserIDTicketValidator
SteamSizeFile
SteamStartEngine
SteamStartLoadingCache
SteamStartValidatingNewValveCDKey
SteamStartValidatingUserIDTicket
SteamStartup
SteamStat
SteamStopLoadingCache
SteamSubscribe
SteamTellFile
SteamUninstall
SteamUnmountAppFilesystem
SteamUnmountFilesystem
SteamUnsubscribe
SteamUpdateAccountBillingInfo
SteamUpdateSubscriptionBillingInfo
SteamUser
SteamUtils
SteamVerifyEmailAddress
SteamVerifyPassword
SteamWaitForAppReadyToLaunch
SteamWaitForResources
SteamWeakVerifyNewValveCDKey
SteamWriteFile
SteamWriteMiniDumpFromAssert
SteamWriteMiniDumpSetComment
SteamWriteMiniDumpUsingExceptionInfo
SteamWriteMiniDumpUsingExceptionInfoWithBuildId
Steam_GetHSteamUserCurrent
Steam_RegisterInterfaceFuncs
Steam_RunCallbacks
_f

Sections

.text
Size: 200KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
steam_api.dll
.dll windows:4 windows x86 arch:x86

eebb2f7547ef3b974839c0c8a701677a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:69:75:35:e3:81:fe:1f:91:c1:15:35:28:14:6a:27
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24/11/2006, 00:00

Not After

24/11/2009, 23:59

Subject

CN=Valve,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Valve,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

be:1f:70:3c:82:42:dc:f3:2b:11:ab:11:50:18:24:28:d9:6f:8c:6f
Signer

Actual PE Digest

be:1f:70:3c:82:42:dc:f3:2b:11:ab:11:50:18:24:28:d9:6f:8c:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

U:\steam3_rel_sdk\bin\release\steam_api.pdb

Imports

kernel32

CloseHandle
GetExitCodeProcess
OutputDebugStringA
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
LoadLibraryExA
OpenProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetLastError
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
ExitProcess
Sleep
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
GetLocaleInfoA
InitializeCriticalSection
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Exports

Exports

GetHSteamPipe
GetHSteamUser
SteamAPI_GetHSteamPipe
SteamAPI_GetHSteamUser
SteamAPI_GetSteamInstallPath
SteamAPI_Init
SteamAPI_InitSafe
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamAPI_RunCallbacks
SteamAPI_SetMiniDumpComment
SteamAPI_SetTryCatchCallbacks
SteamAPI_Shutdown
SteamAPI_UnregisterCallResult
SteamAPI_UnregisterCallback
SteamAPI_WriteMiniDump
SteamApps
SteamClient
SteamContentServer
SteamContentServerUtils
SteamContentServer_Init
SteamContentServer_RunCallbacks
SteamContentServer_Shutdown
SteamFriends
SteamGameServer
SteamGameServerApps
SteamGameServerNetworking
SteamGameServerUtils
SteamGameServer_BSecure
SteamGameServer_GetHSteamPipe
SteamGameServer_GetHSteamUser
SteamGameServer_GetIPCCallCount
SteamGameServer_GetSteamID
SteamGameServer_Init
SteamGameServer_InitSafe
SteamGameServer_RunCallbacks
SteamGameServer_Shutdown
SteamMasterServerUpdater
SteamMatchmaking
SteamMatchmakingServers
SteamNetworking
SteamRemoteStorage
SteamUser
SteamUserStats
SteamUtils
Steam_GetHSteamUserCurrent
Steam_RegisterInterfaceFuncs
Steam_RunCallbacks
g_pSteamClientGameServer

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
steamemu.ini
PLANT2 V2 ZOMB132/PlantsVsZombies.exe
.exe windows:4 windows x86 arch:x86

caa73f3854faf99325bb3b7b5cb4c400

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3c:61:df:38:d5:bb:38:36:a8:b4:4b:98:5c:50:44:79
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

01/09/2006, 00:00

Not After

21/09/2009, 23:59

Subject

CN=PopCap Games,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=PopCap Games,L=Seattle,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\rmtest\pc\_base\util\DRMProtectRun2.pdb

Imports

wsock32

WSAStartup
WSACleanup

kernel32

DeleteFileA
CreateFileA
MoveFileExA
SetThreadPriority
Process32Next
GetCommandLineW
GetExitCodeProcess
GlobalUnlock
CreateMutexA
OutputDebugStringA
Sleep
OpenProcess
GetWindowsDirectoryA
FreeLibrary
EnumResourceNamesA
SetFileAttributesA
Process32First
LeaveCriticalSection
CreateFileMappingA
CreateThread
InitializeCriticalSection
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
SetEvent
GetModuleHandleA
MapViewOfFile
CreateEventA
UnmapViewOfFile
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcessId
VirtualFree
VirtualAlloc
CompareStringA
InterlockedExchange
SetLastError
GetCurrentThread
SetEnvironmentVariableA
CloseHandle
EnumSystemLocalesA
GetLastError
GetStringTypeA
GetLocaleInfoA
GetDateFormatA
GetTimeFormatA
CreatePipe
GetFileAttributesA
GetConsoleOutputCP
WriteConsoleA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapCreate
HeapDestroy
GetOEMCP
GetACP
HeapSize
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
SetFilePointer
SetHandleCount
LCMapStringA
MoveFileA
DuplicateHandle
GetFileType
SetStdHandle
GetFullPathNameA
GetDriveTypeA
RaiseException
RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapReAlloc
ExitThread
GetSystemTimeAsFileTime
GetProcessHeap
HeapAlloc
HeapFree
SetEndOfFile
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
LoadLibraryA
ResumeThread
GetTickCount
CreateToolhelp32Snapshot
GetModuleFileNameA
GlobalLock
TerminateProcess
GetVolumeInformationA
CreateProcessA
GetUserDefaultLCID
IsValidLocale
CreateDirectoryA
InterlockedDecrement
InterlockedIncrement
GetTimeZoneInformation
CopyFileA
OpenMutexA
GetConsoleScreenBufferInfo
GetConsoleCursorInfo
GetStdHandle
ReleaseMutex
WaitForMultipleObjects
OpenFileMappingA
OpenEventA
SetFileTime
ReadConsoleInputA
AllocConsole
SetConsoleCursorPosition
SetConsoleCtrlHandler
SetConsoleCursorInfo
GetCurrentThreadId
SetConsoleTitleA
PeekConsoleInputA
GetVersionExA
FindClose
FindFirstFileA
FindNextFileA
GlobalAlloc
VirtualProtect
VirtualQuery
GetThreadPriority
MulDiv
GetFileTime
FreeConsole
SetConsoleTextAttribute

user32

FillRect
CreateCursor
DestroyCursor
GetFocus
GetQueueStatus
WindowFromPoint
DrawMenuBar
SetClipboardData
BeginPaint
ReleaseDC
UnregisterClassA
GetSystemMenu
DeleteMenu
ScreenToClient
GetWindowPlacement
SetFocus
PostThreadMessageA
DestroyWindow
DestroyCaret
DispatchMessageA
GetDesktopWindow
SetWindowTextA
GetCursor
GetClientRect
GetForegroundWindow
SetTimer
LoadImageA
GetWindowThreadProcessId
HideCaret
IntersectRect
RegisterClassA
PostQuitMessage
GetWindowTextLengthA
SendMessageA
GetMessageA
GetCursorPos
AppendMenuA
TrackPopupMenu
OpenClipboard
CreateCaret
MessageBoxA
MoveWindow
EnumDisplayMonitors
GetWindowRect
IsWindow
IsIconic
ShowCaret
PostMessageA
OpenIcon
GetDC
AdjustWindowRect
EndPaint
RegisterWindowMessageA
TranslateMessage
DefWindowProcA
GetSystemMetrics
IsWindowVisible
BringWindowToTop
CloseClipboard
CreateWindowExA
SetCaretPos
GetWindowTextA
SetForegroundWindow
EnumWindows
ShowWindow
LoadCursorA
ClientToScreen
PeekMessageA
CreatePopupMenu
SetCursor
GetParent
ReleaseCapture
SetCapture
FlashWindowEx

gdi32

SelectClipRgn
GdiFlush
GetStockObject
GetDeviceCaps
CreateFontA
GetTextMetricsA
GetCharABCWidthsA
GetObjectA
CreateFontIndirectA
SetBkMode
IntersectClipRect
DeleteObject
DeleteDC
SelectObject
CreateCompatibleDC
CreateDIBSection
BitBlt
SetDIBitsToDevice
SetTextColor
StretchBlt

advapi32

RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA

shell32

ShellExecuteA

ole32

CoUninitialize
CoInitialize
CoInitializeSecurity
CoCreateInstance

oleaut32

SysFreeString
SysAllocStringByteLen

wininet

InternetOpenA
HttpOpenRequestA
HttpQueryInfoA
InternetReadFile
InternetConnectA
HttpSendRequestA
InternetCloseHandle

winmm

timeEndPeriod
PlaySoundA
timeBeginPeriod
timeGetTime

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 220KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PLANT2 V2 ZOMB132/Uninstall.ini
PLANT2 V2 ZOMB132/bass.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BASS_Apply3D
BASS_ChannelBytes2Seconds
BASS_ChannelGet3DAttributes
BASS_ChannelGet3DPosition
BASS_ChannelGetAttributes
BASS_ChannelGetData
BASS_ChannelGetDevice
BASS_ChannelGetEAXMix
BASS_ChannelGetInfo
BASS_ChannelGetLength
BASS_ChannelGetLevel
BASS_ChannelGetPosition
BASS_ChannelIsActive
BASS_ChannelIsSliding
BASS_ChannelPause
BASS_ChannelPlay
BASS_ChannelPreBuf
BASS_ChannelRemoveDSP
BASS_ChannelRemoveFX
BASS_ChannelRemoveLink
BASS_ChannelRemoveSync
BASS_ChannelSeconds2Bytes
BASS_ChannelSet3DAttributes
BASS_ChannelSet3DPosition
BASS_ChannelSetAttributes
BASS_ChannelSetDSP
BASS_ChannelSetEAXMix
BASS_ChannelSetFX
BASS_ChannelSetFlags
BASS_ChannelSetLink
BASS_ChannelSetPosition
BASS_ChannelSetSync
BASS_ChannelSlideAttributes
BASS_ChannelStop
BASS_ErrorGetCode
BASS_FXGetParameters
BASS_FXSetParameters
BASS_Free
BASS_Get3DFactors
BASS_Get3DPosition
BASS_GetCPU
BASS_GetConfig
BASS_GetDSoundObject
BASS_GetDevice
BASS_GetDeviceDescription
BASS_GetEAXParameters
BASS_GetInfo
BASS_GetVersion
BASS_GetVolume
BASS_Init
BASS_MusicFree
BASS_MusicGetAttribute
BASS_MusicGetName
BASS_MusicGetOrderPosition
BASS_MusicGetOrders
BASS_MusicLoad
BASS_MusicSetAttribute
BASS_Pause
BASS_PluginFree
BASS_PluginLoad
BASS_RecordFree
BASS_RecordGetDevice
BASS_RecordGetDeviceDescription
BASS_RecordGetInfo
BASS_RecordGetInput
BASS_RecordGetInputName
BASS_RecordInit
BASS_RecordSetDevice
BASS_RecordSetInput
BASS_RecordStart
BASS_SampleCreate
BASS_SampleCreateDone
BASS_SampleFree
BASS_SampleGetChannel
BASS_SampleGetInfo
BASS_SampleLoad
BASS_SampleSetInfo
BASS_SampleStop
BASS_Set3DFactors
BASS_Set3DPosition
BASS_SetConfig
BASS_SetDevice
BASS_SetEAXParameters
BASS_SetVolume
BASS_Start
BASS_Stop
BASS_StreamCreate
BASS_StreamCreateFile
BASS_StreamCreateFileUser
BASS_StreamCreateURL
BASS_StreamFree
BASS_StreamGetFilePosition
BASS_StreamGetTags
BASS_Update
_

Sections

Size: 85KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 568B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PLANT2 V2 ZOMB132/drm/common/drm.xml
PLANT2 V2 ZOMB132/drm/common/drm.xml.sig
PLANT2 V2 ZOMB132/drm/common/fonts/Arial10.txt
PLANT2 V2 ZOMB132/drm/common/fonts/Arial10Bold.txt
PLANT2 V2 ZOMB132/drm/common/fonts/Arial12Bold.txt
PLANT2 V2 ZOMB132/drm/common/fonts/Arial9.txt
PLANT2 V2 ZOMB132/drm/common/fonts/Arial9Bold.txt
PLANT2 V2 ZOMB132/drm/common/fonts/_Arial10.png
.png
PLANT2 V2 ZOMB132/drm/common/fonts/_Arial10Bold.png
.png
PLANT2 V2 ZOMB132/drm/common/fonts/_Arial12Bold.png
.png
PLANT2 V2 ZOMB132/drm/common/fonts/_Arial9.png
.png
PLANT2 V2 ZOMB132/drm/common/fonts/_Arial9Bold.png
.png
PLANT2 V2 ZOMB132/drm/common/images/btn_buynow.gif
.gif
PLANT2 V2 ZOMB132/drm/common/images/btn_buynow2.gif
.gif
PLANT2 V2 ZOMB132/drm/common/images/btn_continue.gif
.gif
PLANT2 V2 ZOMB132/drm/common/images/btn_continue2.gif
.gif
PLANT2 V2 ZOMB132/drm/common/images/btn_finish.gif
.gif
PLANT2 V2 ZOMB132/drm/common/images/btn_finish2.gif
.gif
PLANT2 V2 ZOMB132/drm/common/images/btn_mask.gif
.gif
PLANT2 V2 ZOMB132/drm/common/images/btn_play.gif
.gif
PLANT2 V2 ZOMB132/drm/common/images/btn_play2.gif
.gif
PLANT2 V2 ZOMB132/drm/common/images/btn_play3.gif
.gif
PLANT2 V2 ZOMB132/drm/common/images/ecomm_wrapper_background.jpg
.jpg
PLANT2 V2 ZOMB132/drm/common/images/ecomm_wrapper_background_centered.jpg
.jpg
PLANT2 V2 ZOMB132/drm/common/images/ssframe.png
.png
PLANT2 V2 ZOMB132/drm/common/scripts/Bullets.luc
PLANT2 V2 ZOMB132/drm/common/scripts/ClassLink.luc
PLANT2 V2 ZOMB132/drm/common/scripts/Common.luc
PLANT2 V2 ZOMB132/drm/common/scripts/Consts.luc
PLANT2 V2 ZOMB132/drm/common/scripts/DProps.luc
PLANT2 V2 ZOMB132/drm/common/scripts/DRMApp.luc
PLANT2 V2 ZOMB132/drm/common/scripts/Default.luc
PLANT2 V2 ZOMB132/drm/common/scripts/Game.luc
PLANT2 V2 ZOMB132/drm/common/scripts/Layout.luc
PLANT2 V2 ZOMB132/drm/common/scripts/LuaApp.luc
PLANT2 V2 ZOMB132/drm/common/scripts/LuaCommonWidgets.luc
PLANT2 V2 ZOMB132/drm/common/scripts/LuaWidget.luc
PLANT2 V2 ZOMB132/drm/common/scripts/Screen.luc
PLANT2 V2 ZOMB132/drm/common/scripts/main.luc
PLANT2 V2 ZOMB132/drm/custom/drm.xml
PLANT2 V2 ZOMB132/drm/custom/drm.xml.sig
PLANT2 V2 ZOMB132/drm/game.jpg
.jpg
PLANT2 V2 ZOMB132/drm/game_.gif
.gif
PLANT2 V2 ZOMB132/drm/logo.jpg
.jpg
PLANT2 V2 ZOMB132/drm/logo_.gif
.gif
PLANT2 V2 ZOMB132/drmss.jpg
.jpg
PLANT2 V2 ZOMB132/eula.txt
PLANT2 V2 ZOMB132/header.jpg
.jpg
PLANT2 V2 ZOMB132/info.txt
PLANT2 V2 ZOMB132/main.pak
PLANT2 V2 ZOMB132/properties/partner.xml
PLANT2 V2 ZOMB132/properties/partner.xml.sig
PLANT2 V2 ZOMB132/properties/partner_logo.jpg
.jpg
PLANT2 V2 ZOMB132/readme.html
.html
PLANT2 V2 ZOMB132/steam.dll
.dll windows:4 windows x86 arch:x86

72fadf9e53818fd86f58e6c8af873815

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MessageBoxA

advapi32

RegQueryValueExA
RegOpenKeyExA

kernel32

SetStdHandle
TlsGetValue
WriteConsoleW
GetConsoleOutputCP
GetCommandLineA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateFileA
GetFileSize
CreateFileMappingA
CloseHandle
MapViewOfFile
UnmapViewOfFile
ExitProcess
DisableThreadLibraryCalls
GetEnvironmentStrings
CreateProcessA
SetLastError
VirtualProtect
GetModuleHandleA
TerminateProcess
GetCurrentProcess
CreateDirectoryA
GetStdHandle
WriteConsoleA
GetCurrentDirectoryA
GetModuleFileNameA
GetFullPathNameA
GetSystemInfo
FindFirstFileA
FindClose
CompareStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
MultiByteToWideChar
GetLastError
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindNextFileA
HeapFree
HeapAlloc
GetCurrentThreadId
GetVersionExA
GetProcessHeap
RaiseException
RtlUnwind
GetProcAddress
SetEndOfFile
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
SetEnvironmentVariableA
WideCharToMultiByte
SetEnvironmentVariableW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
ReadFile
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LoadLibraryA
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CompareStringA

shell32

ShellExecuteA

Exports

Exports

?SteamSpawnedApplicationProcess@@YAXK@Z
CreateInterface
InternalSteamNumClientsConnectedToEngine
InternalSteamShouldShutdownEngine2
SteamAPI_Init
SteamAPI_InitGlobalInstance
SteamAPI_RegisterCallback
SteamAPI_RunCallbacks
SteamAPI_Shutdown
SteamAPI_UnregisterCallback
SteamAbortCall
SteamAbortOngoingUserIDTicketValidation
SteamAckSubscriptionReceipt
SteamApps
SteamBilling
SteamBlockingCall
SteamChangeAccountName
SteamChangeEmailAddress
SteamChangeForgottenPassword
SteamChangeOfflineStatus
SteamChangePassword
SteamChangePersonalQA
SteamCleanup
SteamClearError
SteamClient
SteamCloseFile
SteamCreateAccount
SteamCreateCachePreloaders
SteamCreateLogContext
SteamDecryptDataForThisMachine
SteamDeleteAccount
SteamEmuGetGcfList
SteamEmuGetLocalGcfCopy
SteamEmuGetProperty
SteamEmuGetWholeGcfCopy
SteamEmu_GetGcfList
SteamEmu_GetLocalGcfCopy
SteamEmu_GetProperty
SteamEmu_GetWholeGcfCopy
SteamEncryptDataForThisMachine
SteamEnumerateApp
SteamEnumerateAppDependency
SteamEnumerateAppIcon
SteamEnumerateAppLaunchOption
SteamEnumerateAppVersion
SteamEnumerateSubscription
SteamEnumerateSubscriptionDiscount
SteamEnumerateSubscriptionDiscountQualifier
SteamFindApp
SteamFindClose
SteamFindFirst
SteamFindNext
SteamFindServersGetErrorString
SteamFindServersIterateServer
SteamFindServersNumServers
SteamFlushCache
SteamFlushFile
SteamForgetAllHints
SteamFriends
SteamGenerateSuggestedAccountNames
SteamGetAccountStatus
SteamGetAppCacheSize
SteamGetAppDependencies
SteamGetAppDir
SteamGetAppIds
SteamGetAppPurchaseCountry
SteamGetAppStats
SteamGetAppUpdateStats
SteamGetAppUserDefinedInfo
SteamGetAppUserDefinedRecord
SteamGetCacheDecryptionKey
SteamGetCacheDefaultDirectory
SteamGetCacheFilePath
SteamGetContentServerInfo
SteamGetCurrentEmailAddress
SteamGetEncryptedNewValveCDKey
SteamGetEncryptedUserIDTicket
SteamGetEncryptionKeyToSendToNewClient
SteamGetLocalClientVersion
SteamGetLocalFileCopy
SteamGetNumAccountsWithEmailAddress
SteamGetOfflineStatus
SteamGetSponsorUrl
SteamGetSubscriptionExtendedInfo
SteamGetSubscriptionIds
SteamGetSubscriptionPurchaseCountry
SteamGetSubscriptionReceipt
SteamGetSubscriptionStats
SteamGetTotalUpdateStats
SteamGetUser
SteamGetUserType
SteamGetVersion
SteamGetc
SteamHintResourceNeed
SteamInitializeUserIDTicketValidator
SteamInsertAppDependency
SteamIsAccountNameInUse
SteamIsAppSubscribed
SteamIsCacheLoadingEnabled
SteamIsFileImmediatelyAvailable
SteamIsFileNeededByCache
SteamIsLoggedIn
SteamIsSecureComputer
SteamIsSubscribed
SteamLaunchApp
SteamLoadCacheFromDir
SteamLoadFileToCache
SteamLog
SteamLogResourceLoadFinished
SteamLogResourceLoadStarted
SteamLogin
SteamLogout
SteamMatchmaking
SteamMountAppFilesystem
SteamMountFilesystem
SteamMoveApp
SteamNumAppsRunning
SteamOpenFile
SteamOpenFileEx
SteamOpenTmpFile
SteamOptionalCleanUpAfterClientHasDisconnected
SteamPauseCachePreloading
SteamPrintFile
SteamProcessCall
SteamProcessOngoingUserIDTicketValidation
SteamPutc
SteamReadFile
SteamRefreshAccountInfo
SteamRefreshAccountInfoEx
SteamRefreshLogin
SteamRefreshMinimumFootprintFiles
SteamRemoveAppDependency
SteamRepairOrDecryptCaches
SteamRequestAccountsByCdKeyEmail
SteamRequestAccountsByEmailAddressEmail
SteamRequestEmailAddressVerificationEmail
SteamRequestForgottenPasswordEmail
SteamResumeCachePreloading
SteamSeekFile
SteamSetAppCacheSize
SteamSetAppVersion
SteamSetCacheDefaultDirectory
SteamSetMaxStallCount
SteamSetNotificationCallback
SteamSetUser
SteamSetvBuf
SteamShutdownEngine
SteamShutdownUserIDTicketValidator
SteamSizeFile
SteamStartEngine
SteamStartLoadingCache
SteamStartValidatingNewValveCDKey
SteamStartValidatingUserIDTicket
SteamStartup
SteamStat
SteamStopLoadingCache
SteamSubscribe
SteamTellFile
SteamUninstall
SteamUnmountAppFilesystem
SteamUnmountFilesystem
SteamUnsubscribe
SteamUpdateAccountBillingInfo
SteamUpdateSubscriptionBillingInfo
SteamUser
SteamUtils
SteamVerifyEmailAddress
SteamVerifyPassword
SteamWaitForAppReadyToLaunch
SteamWaitForResources
SteamWeakVerifyNewValveCDKey
SteamWriteFile
SteamWriteMiniDumpFromAssert
SteamWriteMiniDumpSetComment
SteamWriteMiniDumpUsingExceptionInfo
SteamWriteMiniDumpUsingExceptionInfoWithBuildId
Steam_GetHSteamUserCurrent
Steam_RegisterInterfaceFuncs
Steam_RunCallbacks
_f

Sections

.text
Size: 200KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PLANT2 V2 ZOMB132/steam_api.dll
.dll windows:4 windows x86 arch:x86

eebb2f7547ef3b974839c0c8a701677a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:69:75:35:e3:81:fe:1f:91:c1:15:35:28:14:6a:27
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24/11/2006, 00:00

Not After

24/11/2009, 23:59

Subject

CN=Valve,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Valve,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

be:1f:70:3c:82:42:dc:f3:2b:11:ab:11:50:18:24:28:d9:6f:8c:6f
Signer

Actual PE Digest

be:1f:70:3c:82:42:dc:f3:2b:11:ab:11:50:18:24:28:d9:6f:8c:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

U:\steam3_rel_sdk\bin\release\steam_api.pdb

Imports

kernel32

CloseHandle
GetExitCodeProcess
OutputDebugStringA
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
LoadLibraryExA
OpenProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetLastError
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
ExitProcess
Sleep
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
GetLocaleInfoA
InitializeCriticalSection
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Exports

Exports

GetHSteamPipe
GetHSteamUser
SteamAPI_GetHSteamPipe
SteamAPI_GetHSteamUser
SteamAPI_GetSteamInstallPath
SteamAPI_Init
SteamAPI_InitSafe
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamAPI_RunCallbacks
SteamAPI_SetMiniDumpComment
SteamAPI_SetTryCatchCallbacks
SteamAPI_Shutdown
SteamAPI_UnregisterCallResult
SteamAPI_UnregisterCallback
SteamAPI_WriteMiniDump
SteamApps
SteamClient
SteamContentServer
SteamContentServerUtils
SteamContentServer_Init
SteamContentServer_RunCallbacks
SteamContentServer_Shutdown
SteamFriends
SteamGameServer
SteamGameServerApps
SteamGameServerNetworking
SteamGameServerUtils
SteamGameServer_BSecure
SteamGameServer_GetHSteamPipe
SteamGameServer_GetHSteamUser
SteamGameServer_GetIPCCallCount
SteamGameServer_GetSteamID
SteamGameServer_Init
SteamGameServer_InitSafe
SteamGameServer_RunCallbacks
SteamGameServer_Shutdown
SteamMasterServerUpdater
SteamMatchmaking
SteamMatchmakingServers
SteamNetworking
SteamRemoteStorage
SteamUser
SteamUserStats
SteamUtils
Steam_GetHSteamUserCurrent
Steam_RegisterInterfaceFuncs
Steam_RunCallbacks
g_pSteamClientGameServer

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PLANT2 V2 ZOMB132/steamemu.ini

Sharing

General

Malware Config

Signatures

Files

caa73f3854faf99325bb3b7b5cb4c400

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

3c:61:df:38:d5:bb:38:36:a8:b4:4b:98:5c:50:44:79Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

wsock32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

winmm

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 256KB - Virtual size: 253KB

.data Size: 52KB - Virtual size: 423KB

.rsrc Size: 220KB - Virtual size: 216KB

Headers

File Characteristics

Exports

Exports

Sections

Size: 85KB - Virtual size: 244KB

.rsrc Size: 568B - Virtual size: 4KB

Size: - Virtual size: 4KB

Size: 4KB - Virtual size: 3KB

72fadf9e53818fd86f58e6c8af873815

Headers

File Characteristics

Imports

user32

advapi32

kernel32

shell32

Exports

Exports

Sections

.text Size: 200KB - Virtual size: 197KB

.rdata Size: 52KB - Virtual size: 48KB

.data Size: 8KB - Virtual size: 17KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 16KB - Virtual size: 12KB

eebb2f7547ef3b974839c0c8a701677a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

68:69:75:35:e3:81:fe:1f:91:c1:15:35:28:14:6a:27Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

be:1f:70:3c:82:42:dc:f3:2b:11:ab:11:50:18:24:28:d9:6f:8c:6fSigner

Headers

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

3c:61:df:38:d5:bb:38:36:a8:b4:4b:98:5c:50:44:79
Certificate

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 256KB - Virtual size: 253KB

.data
Size: 52KB - Virtual size: 423KB

.rsrc
Size: 220KB - Virtual size: 216KB

.rsrc
Size: 568B - Virtual size: 4KB

.text
Size: 200KB - Virtual size: 197KB

.rdata
Size: 52KB - Virtual size: 48KB

.data
Size: 8KB - Virtual size: 17KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 16KB - Virtual size: 12KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

68:69:75:35:e3:81:fe:1f:91:c1:15:35:28:14:6a:27
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

be:1f:70:3c:82:42:dc:f3:2b:11:ab:11:50:18:24:28:d9:6f:8c:6f
Signer

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 856B

.reloc
Size: 8KB - Virtual size: 5KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

3c:61:df:38:d5:bb:38:36:a8:b4:4b:98:5c:50:44:79
Certificate

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 256KB - Virtual size: 253KB

.data
Size: 52KB - Virtual size: 423KB

.rsrc
Size: 220KB - Virtual size: 216KB

.rsrc
Size: 568B - Virtual size: 4KB

.text
Size: 200KB - Virtual size: 197KB